“No logon servers are available” error after installing updates (SBS2008)


Yesterday I was doing maintenance on a Windows Small Business Server 2008, the Windows Update patches installed successfully and the restart button was pushed. And then the problems started.. Server rebooted and had problems starting several services such as Active Directory Domain Services, DNS, Exchange, Cetificates and several more. Trying to logon to the server with my Domain Admin credentials gave me this error message: sbs_2008

The same error message came when I tried to logon to other servers in the domain. So what does the trick to fix this?

1. Logon to the server with the local administrator username and password (hit “.\administrator”, in username field to force the logon with local admin)
2. when logged into the server, check that services that supposed to be started are started. — as you noted when you did the logon, you got into safe mode…  strange? yes..
3. So, hit the “WIN + R” and type “MSCONFIG” 4. navigate to the “Boot” menu, and remove the “Safe boot – Boot options” hit Apply and restart your server.
sbs_2008_01
5. Give the server some time to startup again and test the logon with an “domain admin” account   Worked for me 🙂  

SCCM – Exclude updates


Sometimes (not often i hope) you want to exclude updates for somehow that you are deploying to all your computers with System Center Configuration Manager 2012.
The excluding of Windows updates can be done with some few steps.

So this is how you do it:

1. Start with creating av “excluded updates” folder under “Software Library -> Software Updates -> All Software Updates”
exclude_patch4

2. Move updates that you want to exclude into this folder (right click and “move”)
exclude_patch1

3. Navigate to your moved updated and right click it then go to “Properties” and in the pane “Custom Severity” choose “Low”
exclude_patch

4. Navigate to your “Automatic Deployment Rule” and edit your rule so that you only distribute updates that are marked as “None” in Custom Severity
exclude_patch3

 

With this the next time the ADR is running it will distribute only the updates that does not have any “Custom Severity” defined on them, all updates that are to be distributed every month comes with none custom severity and therefore you will not send out the one that you change severity of.

exclude_patch5
exclude_patch6

 

Powershell: Exchange – List all mailboxes in one database


To list all mailboxes in one database and sort it by size, use this nice PowerShell line:

Get-MailboxStatistics -Database <DATABASENAME> | select DisplayName, ItemCount, TotalItemSize | Sort-Object TotalItemSize -Descending

 

If you want to export the list to an CSV file, put “| Export-CSV C:\MailBoxSize.CSV” at the end of the PowerShell line.

Exchange tips: Out of Office on users


To check information about Out Of Office for mailbox users we can run an powershell “one liner” and get useful information.

The PS, Get-MailboxAutoReplyConfiguration “username” will show you this useful information:

  • AutoReplyState (Disabled/Enabled)
  • Start date (date and time)
  • End date (date and time)
  • External Message (in HTML format)
  • Internal Message (in HTML format)

OOO_ps

With this command you can easily change the message as wel!

Get-MailboxAutoReplyConfiguration julras | Set-MailboxAutoReplyConfiguration -ExternalMessage “Hi, I`m testing OOO” -InternalMessage “Hi, I`m testing OOO” -Autoreplystate Enabled

As you can see in my PS command i here GET the results of “julras” user and pipe it throug an SET command to change the External and internal message and then Enable the Out of Office for the user.

AD: Windows Time configuration


Domain controllers

It is ONLY the domain controller holding the PDC role that should use external NTP. All the other domain controllers should sync with PDC domain controller. To find the server holding the PDC role run
netdom /query fsmo

On the domain controller holding the FSMO role you should configure NTP with this command
w32tm /config /manualpeerlist:"1.no.pool.ntp.org 2.no.pool.ntp.org" /syncfromflags:manual /reliable:yes /update

On the other domain controllers configure NTP with this command
w32tm /config /syncfromflags:domhier /reliable:no /update

Servers

On the servers in the domain you should configure NTP with this command
w32tm /config /syncfromflags:domhier /update

Servers outside the domnain should use this:
w32tm /config /manualpeerlist:"IP" /syncfromflags:manual /reliable:yes /update

Some info

All the above configuration has to be followed by the command below to take effect
net stop w32time
net start w32time

If you wan’t to query a NTP source run this
w32tm /monitor /computers:p2dc02.corp.local,ntp.as2116.net

If w32tm don’t exist as a service
%windir%\system32\w32tm /register

Thnx to Henning Ims for this fantastic solution. 🙂

DFS Replication error on Domain Controllers


If you have DFS replication errors on one or more domain controllers, first find out witch domain controller that has the error.
log on to all your domain controllers and check the Event log -> Applications and Services Logs -> DFS Replication and look for Warnings.

In this example the domain controller had an dirty shutdown based on power failure.

If you find this one, the resolution is described in the event
ad_repl

1. first of all, take backup of your SYSVOL directory on all domain controllers (usually found under c:\windows\sysvol)
2. run the wmic command described in your event id in an elevated command prompt
3. the method should execute successful and the Return Value should be like 0;
ad_repl1

When this is done, you should see an information event in event viewer:
ad_repl2